elasticsearch-rce-vuln recently, but all exploits i've seen
so far are getting blocked if you run the naxsi_core.rules
with high XSS/SQL-scores due to many brackets, quotes
there exists a generic signature in the doxi-rules that was designed to detect
such kinds of attacks against java-based applications:
MainRule "str:java.lang." "msg:Possible Java.Lang - Injection (URL-Args & POST-Body)" "mz:BODY|ARGS" "s:$UWA:8" id:42000348 ;
about the vuln:
the POC: https://github.com/
btw and IMHO: whoever runs elasticsearch NOT protected by firewalls and/or reverse proxies deserves to get 0wned, given the elasticsearch-vuln-trackrecord including various RCEs in the last 2 years.
on JettyLeak: who runs Jetty behind nginx is safe, since nginx itself
blocks any request as malicious, so no naxsi-sig needed.
apache btw happily forwards the malicious request.
more info: https://8ack.de/news-der-
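
The following is an added example, not part of the original post and not naxsi's own code: a simplified Python model of how the rule quoted above is read and applied to the ARGS and BODY match zones. The names `parse_rule`, `evaluate` and `block_at` (an assumed CheckRule threshold) are hypothetical, and the sample requests are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# the rule exactly as quoted in the post
RULE = ('MainRule "str:java.lang." "msg:Possible Java.Lang - Injection '
        '(URL-Args & POST-Body)" "mz:BODY|ARGS" "s:$UWA:8" id:42000348 ;')

def parse_rule(line):
    """Split a MainRule line into its match string, zones, score and id."""
    fields = dict(q.split(":", 1) for q in re.findall(r'"([^"]*)"', line))
    tag, score = fields["s"].rsplit(":", 1)
    return {
        "id": int(re.search(r"\bid:(\d+)", line).group(1)),
        "needle": fields["str"].lower(),
        "zones": set(fields["mz"].split("|")),
        "tag": tag,
        "score": int(score),
    }

def evaluate(rule, query_string, body, block_at=8):
    """Return (zones that matched, accumulated score, would_block).

    Simplified model: ARGS = decoded names and values of the query string,
    BODY = percent-decoded body text; matching is case-insensitive.
    block_at is an assumed CheckRule threshold for the rule's score tag.
    """
    zones = {
        "ARGS": [part for pair in parse_qsl(query_string, keep_blank_values=True)
                 for part in pair],
        "BODY": [unquote_plus(body)],
    }
    hits = [zone for zone in sorted(rule["zones"])
            if any(rule["needle"] in value.lower() for value in zones.get(zone, []))]
    score = rule["score"] * len(hits)
    return hits, score, score >= block_at

if __name__ == "__main__":
    rule = parse_rule(RULE)
    samples = [  # constructed requests
        ("q=java%2Elang%2EMath", ""),
        ("q=logs", '{"script": "Java.Lang.Math.abs(-1)"}'),
        ("q=java+language", '{"query": "javascript"}'),
    ]
    for query, body in samples:
        print(rule["id"], query, evaluate(rule, query, body))
```

A single match already reaches the rule's score of 8, so with that threshold one occurrence in either zone is enough to block; percent-encoding the dots does not help, since the zones are decoded before matching.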